Replies

You can generate passwords using uniqid() and put them in a database; then, after a client uses the password, the password that is stored in the database is destroyed/deleted. I guess mobile means a device, an app or something; for that you need to create your own application and connect it to the database to fetch the passwords. A little heads up: this is not the most secure thing in the whole universe. You can use md5/sha to encrypt your passwords, but it doesn't do very much.

There seem to be problems when you use this method... but maybe there is a lack of information about this service.

1. How would a registered user of the service be recognised? How do you know if the user is legitimate? You would need some form of login, and that requires a secret key of some sort to gain access.
2. If you don't identify a legitimate user, that means anyone can request a secret key from the service. That raises an issue if an attacker uses MITM to steal the information when sending, or if the attacker has access to the sent address, such as email.
3. Assuming the attacker does not have access to the destination address of the secret key, if you use a form of pseudo-RNG to generate the secret keys and the attacker observes the information for long enough, they may and will eventually find the pattern to your key generator.
4. If an attacker does request a key from the service, it also brings up the issue of the expiration of the secret key. If there is no expiration of the key until it is used, the attacker can and will crack your password within the time frame, especially if you use the md5 hashing algorithm, since it is insecure as it has more collisions than the current sha hash algorithm.
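
The points raised in the replies above (delete after use, generator predictability, expiry, hashed storage), as an added example that is not code from either poster: a one-time-code store for PHP 8 that draws codes from the OS CSPRNG with random_int() instead of uniqid(), keeps only a keyed hash, and destroys a code on use, on expiry or after too many guesses. The class name, the in-memory array standing in for the database, the pepper, the 5-minute lifetime and the 5-attempt limit are assumptions for illustration.

```php
<?php
// Added example. $store stands in for a database table keyed by the id of a
// user who has already logged in (assumption: authentication happens elsewhere).
final class OneTimeCodes
{
    private array $store = []; // userId => ['hash', 'expires', 'tries']

    public function __construct(
        private string $pepper,         // server-side secret, assumed loaded from config
        private int $ttlSeconds = 300,  // assumed lifetime: 5 minutes
        private int $maxTries = 5       // assumed limit on wrong guesses
    ) {}

    // Issue a code for a user and store only its keyed hash, never the code.
    public function issue(string $userId, ?int $now = null): string
    {
        $now ??= time();
        // random_int() uses the OS CSPRNG; uniqid() is derived from the clock.
        $code = str_pad((string) random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
        $this->store[$userId] = [
            // A short code has few possible values, so an unkeyed md5/sha
            // digest of it can be enumerated; HMAC with a secret key cannot.
            'hash'    => hash_hmac('sha256', $code, $this->pepper),
            'expires' => $now + $this->ttlSeconds,
            'tries'   => 0,
        ];
        return $code; // send over the delivery channel; do not log it
    }

    // Redeem a code: valid once, only before expiry, with limited guesses.
    public function redeem(string $userId, string $code, ?int $now = null): bool
    {
        $now ??= time();
        $entry = $this->store[$userId] ?? null;
        if ($entry === null) {
            return false;
        }
        if ($now >= $entry['expires'] || $entry['tries'] >= $this->maxTries) {
            unset($this->store[$userId]); // expired or locked out: destroy it
            return false;
        }
        $this->store[$userId]['tries']++;
        $ok = hash_equals($entry['hash'], hash_hmac('sha256', $code, $this->pepper));
        if ($ok) {
            unset($this->store[$userId]); // single use: delete on success
        }
        return $ok;
    }
}
```

Passing a fixed `$now` to `issue()` and `redeem()` lets the expiry path be exercised in a unit test without waiting for the clock.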